Ask the community

Netskope Administration for Departing Users


Netskope Administration for Departing Users


When a user announces their departure from the organization, it's crucial to implement stringent controls and checks to protect corporate data and resources. The user's account should immediately be placed into a "Leaving Users" group within their Identity Provider or Directory Services. This move should trigger a set of pre-configured policies for these accounts.


Critical Policies to be Enabled

  1. Restricted Activities: This policy limits certain user activities to prevent potential loss of data:
    1. Unable to Delete Files: Prevents the user from unintentionally or maliciously deleting crucial company information.
    2. Unable to Share Files to Any Non-Corporate User: Ensures sensitive company data isn't shared externally.
    3. Unable to Download from Salesforce: Ensure customer and prospect data from being downloaded.
  2. Restricted Instances: This policy confines the user's interaction with certain instances:
    1. Unable to Upload any files to Non-Corporate Instances of Sanctioned Cloud Applications: Keeps the organization's data within its control and stops it from being transferred to external locations.
  3. Restricted Applications: This policy governs which applications the user can access:
    1. Unable to Access or Upload Files to Unsanctioned Applications: Keeps company data within approved applications and prevents data leakage
  4. Restrict Endpoint Controls: This policy should be activated to limit endpoint activities:
    1. Unable to Transfer any Files to USB: This ensures that data can't be physically taken out of the organization's network.
    2. Unable to Print any Files: This prevents hard copy data leakage, which can be difficult to track.
  5. Restrict IaaS controls: This policy restricts Infrastructure as a Service (IaaS) access:
    1. Network Administrators should be removed from accessing Production instances of IaaS: This ensures only the necessary personnel can access the production environment.

Investigation Best Practices for Administrators:

  1. Advanced Analytics: Leverage Netskope's Advanced Analytics to monitor user activities and data flow. This allows early detection and management of any anomalies or suspicious activities.
    1. Insider Threat Report: Ensure this report is run with filters for the departing User Group.
  2. Generate a Comprehensive Report: Curate a report of all Application Events for the leaving user for review by the manager. This offers a complete overview of the user's interactions with the company's resources.
    1. User Investigation Report: Ensure this report is run with filters for the departing User Group


Additional Best Practices for Administrators

  1. Take Prompt Action: Implement all changes as soon as a user announces they are leaving to minimize the window for potential data compromises.
  2. Revoke Access: After the user's last day, ensure all access to corporate resources is immediately revoked.
  3. Documentation: Keep detailed records of all actions taken during the offboarding process. This assists in audits, troubleshooting, and provides a reference for future cases.
  4. Regular Review of Departing User Policies: Update and review policies regularly to keep them relevant and effective.

Additional Security Policies to consider:

  1. Password Change Policy: Force an immediate password change to prevent unauthorized access.
  2. Email Forwarding Policy: Disable auto-forwarding of emails to prevent potential data leakage.
  3. Data Backup Policy: Backup all data associated with the user to prevent loss during the offboarding process.


By adhering to these practices, a Netskope Administrator can ensure a secure and efficient offboarding process for departing users, mitigating the risk to the organization's data and resources.

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In